The General Data Protection Regulation (GDPR) is a European Union (EU) data privacy regulation that puts the customer/individual in control and it goes into full effect on 25 May 2018. The purpose is to consolidate privacy regulations across the EU.
If your website uses Google Analytics to collect and process user data, we advise that you make sure it does not forward Personal Identifiable Information (PII) to Google server. You can do so by turning on the IP Anonymization feature in your Google Analytics javascript code. Moreover, you need to audit your collection of pseudonymous identifiers (user ID, hashed/encrypted data, transaction IDs).
Do not forget to update your website’s Privacy Policy, which should also state what technologies you are using to collect, track, and process user data in your website – make sure it is written clearly and your website visitors can understand the terms that you are using.
Lastly, build an Opt In/Out capability from any subscription-based marketing. EU citizens have the right to be forgotten and have their personal data erased upon request.
Contact ShoreDigital for more information and how we can help you on GDPR compliance.